FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-12-19 12:13:07 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
b62c80c2-b81a-11da-bec5-00123ffe8333	heimdal -- Multiple vulnerabilities A Project heimdal Security Advisory reports: The telnet client program in Heimdal has buffer overflows in the functions slc_add_reply() and env_opt_add(), which may lead to remote code execution. The telnetd server program in Heimdal has buffer overflows in the function getterminaltype, which may lead to remote code execution. The rshd server in Heimdal has a privilege escalation bug when storing forwarded credentials. The code allowes a user to overwrite a file with its credential cache, and get ownership of the file. Discovery 2006-02-06 Entry 2006-03-20 heimdal < 0.6.6 CVE-2005-0469 CVE-2005-2040 CVE-2006-0582 CVE-2006-0677 http://www.pdc.kth.se/heimdal/advisory/2005-04-20 http://www.pdc.kth.se/heimdal/advisory/2005-06-20 http://www.pdc.kth.se/heimdal/advisory/2006-02-06
40a8d798-4615-11e7-8080-a4badb2f4699	heimdal -- bypass of capath policy Viktor Dukhovni reports: Commit f469fc6 (2010-10-02) inadvertently caused the previous hop realm to not be added to the transit path of issued tickets. This may, in some cases, enable bypass of capath policy in Heimdal versions 1.5 through 7.2. Note, this may break sites that rely on the bug. With the bug some incomplete [capaths] worked, that should not have. These may now break authentication in some cross-realm configurations. (CVE-2017-6594) Discovery 2017-04-13 Entry 2017-05-31 heimdal < 7.1.0_3 CVE-2017-6594 ports/219657

VuXML ID

Description

b62c80c2-b81a-11da-bec5-00123ffe8333

heimdal -- Multiple vulnerabilities

A Project heimdal Security Advisory reports:

The telnet client program in Heimdal has buffer overflows in the functions slc_add_reply() and env_opt_add(), which may lead to remote code execution.

The telnetd server program in Heimdal has buffer overflows in the function getterminaltype, which may lead to remote code execution.

The rshd server in Heimdal has a privilege escalation bug when storing forwarded credentials. The code allowes a user to overwrite a file with its credential cache, and get ownership of the file.

Discovery 2006-02-06
Entry 2006-03-20
heimdal

< 0.6.6

CVE-2005-0469
CVE-2005-2040
CVE-2006-0582
CVE-2006-0677
http://www.pdc.kth.se/heimdal/advisory/2005-04-20
http://www.pdc.kth.se/heimdal/advisory/2005-06-20
http://www.pdc.kth.se/heimdal/advisory/2006-02-06

40a8d798-4615-11e7-8080-a4badb2f4699

heimdal -- bypass of capath policy

Viktor Dukhovni reports:

Commit f469fc6 (2010-10-02) inadvertently caused the previous hop realm to not be added to the transit path of issued tickets. This may, in some cases, enable bypass of capath policy in Heimdal versions 1.5 through 7.2. Note, this may break sites that rely on the bug. With the bug some incomplete [capaths] worked, that should not have. These may now break authentication in some cross-realm configurations. (CVE-2017-6594)

Discovery 2017-04-13
Entry 2017-05-31
heimdal

< 7.1.0_3

CVE-2017-6594
ports/219657